Jenkins
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*
- <= 2.499
- <= 2.492.1
An open redirect vulnerability has been identified in Jenkins weekly versions through 2.499 and LTS versions through 2.492.1. In these versions, redirect targets starting with backslash characters are treated as safe, allowing attackers to perform phishing attacks. This is possible because browsers treat backslashes like forward slashes, so a redirect beginning with backslashes is interpreted as a scheme-relative URL and sends the user to an external site.
Exploitation of this vulnerability could lead to phishing attacks, where users are redirected to malicious sites without their knowledge.
Users of Jenkins weekly versions should update to version 2.500, and users of Jenkins LTS should update to version 2.492.2. These versions include the necessary fix for this vulnerability.
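To illustrate the flaw described above, the following added example (not Jenkins's own code) models a simplified redirect-safety check that ignores backslashes, the browser's backslash-to-slash normalization, and a hardened check that normalizes before deciding; hostnames and paths used as inputs are constructed.

```python
import re
from urllib.parse import urlsplit

# Matches a leading URL scheme such as "https:" or "javascript:".
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")


def is_safe_redirect_naive(target: str) -> bool:
    """Flawed check of the kind the advisory describes (assumed shape,
    not Jenkins's code): rejects absolute URLs and '//'-prefixed
    scheme-relative URLs, but never looks at backslashes."""
    return not SCHEME_RE.match(target) and not target.startswith("//")


def as_browser_sees(target: str) -> str:
    """Browsers parsing a redirect from an http(s) page treat '\\' like
    '/' (WHATWG URL special-scheme rule), so '\\\\host' becomes '//host',
    a scheme-relative URL pointing at another origin."""
    return target.replace("\\", "/")


def is_safe_redirect_hardened(target: str) -> bool:
    """Accept only a path-absolute, same-origin reference.
    Design choice of this example: relative paths are rejected too."""
    if not target or target[0].isspace():
        return False
    normalized = as_browser_sees(target)          # decide on what the browser will see
    if SCHEME_RE.match(normalized) or normalized.startswith("//"):
        return False
    if not normalized.startswith("/"):
        return False
    # Belt and braces: a full parse must yield neither scheme nor host.
    parts = urlsplit(normalized)
    return parts.scheme == "" and parts.netloc == ""


def classify(targets):
    """Return {target: (naive_verdict, hardened_verdict)} for review."""
    return {t: (is_safe_redirect_naive(t), is_safe_redirect_hardened(t))
            for t in targets}


if __name__ == "__main__":
    # Constructed sample redirect targets, not taken from the advisory.
    for target, verdicts in classify(
        ["/job/build/", "//evil.example", "\\\\evil.example", "/\\evil.example",
         "https://evil.example/"]).items():
        print(f"{target!r:24} naive={verdicts[0]!s:5} hardened={verdicts[1]}")
```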